SQL Injection Tools

Discussion in 'Инструменты' started by ettee, 2 Apr 2007.

  1. ettee

    ettee Administrator
    Staff Member

    Joined:
    12 Oct 2006
    Messages:
    466
    Likes Received:
    1,035
    Reputations:
    1,065
    Title: sqlmap
    Author: Bernardo Damele and Daniele Bellucci, sqlmap.sourceforge.net
    Type: exploit tool
    download

    Title: SQLInjector
    Author: David Litchfield, NGSSoftware
    Type: exploit tool
    download

    Title: Bobcat
    Author: "Dave", Northern-Monkee
    Type: exploit tool
    download

    Title: Automagic
    Author: Gary Oleary-Steele,Sec-1 Research Labs
    Type: exploit tool
    download

    Title: HacmeBank
    Author: Dinis Cruz, Owasp .Net Project
    Type: exploit tool
    download

    Title: Absinthe
    Author: nummish, Xeron, 0x90.org
    Type: exploit tool
    download
     
    _________________________
    #1 ettee, 2 Apr 2007
    Last edited: 2 Apr 2007
    3 people like this.
  2. Fugitif

    Fugitif Elder - Старейшина

    Joined:
    23 Sep 2007
    Messages:
    407
    Likes Received:
    227
    Reputations:
    42
    BSQL Hacker v0.9

    Download:

    http://ferruh.mavituna.com/opensource/BSQLHacker_v09_Binary.zip


    Sqlninja

    Download:

    http://sourceforge.net/project/downloading.php?group_id=152677&use_mirror=switch&filename=sqlninja-0.2.1-r1.tgz&18045180


    PRIAMOS

    Download:

    http://www.priamos-project.com/files/PRIAMOS.v1.0.exe
     
    1 person likes this.
  3. ЛифчиС5СВ

    ЛифчиС5СВ Elder - Старейшина

    Joined:
    9 Mar 2007
    Messages:
    164
    Likes Received:
    141
    Reputations:
    12
    ettee, посоветуй на свой взгляд получше из твоей подборки, лишним не будет =))
     
  4. darky

    darky ♠ ♦ ♣ ♥

    Joined:
    18 May 2006
    Messages:
    1,773
    Likes Received:
    823
    Reputations:
    1,418
    https://forum.antichat.ru/thread20879.html
     
  5. Fugitif

    Fugitif Elder - Старейшина

    Joined:
    23 Sep 2007
    Messages:
    407
    Likes Received:
    227
    Reputations:
    42
  6. OptimaPrime

    OptimaPrime Banned

    Joined:
    30 Mar 2007
    Messages:
    307
    Likes Received:
    588
    Reputations:
    -61
  7. OptimaPrime

    OptimaPrime Banned

    Joined:
    30 Mar 2007
    Messages:
    307
    Likes Received:
    588
    Reputations:
    -61
  8. Fugitif

    Fugitif Elder - Старейшина

    Joined:
    23 Sep 2007
    Messages:
    407
    Likes Received:
    227
    Reputations:
    42
  9. warlok

    warlok Elder - Старейшина

    Joined:
    17 Feb 2008
    Messages:
    337
    Likes Received:
    142
    Reputations:
    81
    Code:
    <?php
    set_time_limit(0);
    function google($domen){
    $file=file_get_contents("http://www.google.ru/ie?q=site%3A$domen&hl=ru&newwindow=1&btnG=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA&num=100");
    //$file=file_get_contents("http://www.google.ru/ie?q=".urlencode(trim($text))."&hl=ru&lr=&newwindow=1&btnI=I%27m+Feeling+Lucky&num=10000");
    $result = array ();
    $ex = array ();
    $regexp = '[0-9]. <a title="(.*)" href=(.*)>(.*)<\/a>';
    
    if (preg_match_all("/$regexp/siU", $file, $matches)) {
    foreach($matches[2] as $item) { 
    array_push($result,$item);
    }
    
    if (is_integer(strpos($file,"&start="))) { // От 0 до 100
    $file=file_get_contents("http://www.google.ru/ie?q=site:$domen&num=100&hl=ru&start=100&sa=N");
    if (preg_match_all("/$regexp/siU", $file, $matches)) {foreach($matches[2] as $item) { array_push($result,$item);}}}
    if (is_integer(strpos($file,"&start="))) { // От 100 до 200
    $file=file_get_contents("http://www.google.ru/ie?q=site:$domen&num=200&hl=ru&start=100&sa=N");
    if (preg_match_all("/$regexp/siU", $file, $matches)) {foreach($matches[2] as $item) { array_push($result,$item);}}}
    if (is_integer(strpos($file,"&start="))) { // От 200 до 300
    $file=file_get_contents("http://www.google.ru/ie?q=site:$domen&num=300&hl=ru&start=100&sa=N");
    if (preg_match_all("/$regexp/siU", $file, $matches)) {foreach($matches[2] as $item) { array_push($result,$item);}}}
    if (is_integer(strpos($file,"&start="))) { // От 300 до 400
    $file=file_get_contents("http://www.google.ru/ie?q=site:$domen&num=400&hl=ru&start=100&sa=N");
    if (preg_match_all("/$regexp/siU", $file, $matches)) {foreach($matches[2] as $item) { array_push($result,$item);}}}
    if (is_integer(strpos($file,"&start="))) { // От 400 до 500
    $file=file_get_contents("http://www.google.ru/ie?q=site:$domen&num=500&hl=ru&start=100&sa=N");
    if (preg_match_all("/$regexp/siU", $file, $matches)) {foreach($matches[2] as $item) { array_push($result,$item);}}}
    if (is_integer(strpos($file,"&start="))) { // От 500 до 600
    $file=file_get_contents("http://www.google.ru/ie?q=site:$domen&num=600&hl=ru&start=100&sa=N");
    if (preg_match_all("/$regexp/siU", $file, $matches)) {foreach($matches[2] as $item) { array_push($result,$item);}}}
    if (is_integer(strpos($file,"&start="))) { // От 600 до 700
    $file=file_get_contents("http://www.google.ru/ie?q=site:$domen&num=700&hl=ru&start=100&sa=N");
    if (preg_match_all("/$regexp/siU", $file, $matches)) {foreach($matches[2] as $item) { array_push($result,$item);}}}
    if (is_integer(strpos($file,"&start="))) { // От 700 до 800
    $file=file_get_contents("http://www.google.ru/ie?q=site:$domen&num=800&hl=ru&start=100&sa=N");
    if (preg_match_all("/$regexp/siU", $file, $matches)) {foreach($matches[2] as $item) { array_push($result,$item);}}}
    if (is_integer(strpos($file,"&start="))) { // От 800 до 900
    $file=file_get_contents("http://www.google.ru/ie?q=site:$domen&num=900&hl=ru&start=100&sa=N");
    if (preg_match_all("/$regexp/siU", $file, $matches)) {foreach($matches[2] as $item) { array_push($result,$item);}}}
    if (is_integer(strpos($file,"&start="))) { // От 800 до 900
    $file=file_get_contents("http://www.google.ru/ie?q=site:$domen&num=1000&hl=ru&start=100&sa=N");
    if (preg_match_all("/$regexp/siU", $file, $matches)) {foreach($matches[2] as $item) { array_push($result,$item);}}}
    
    for ($i = 0; $i <= count($result)-1; $i++) {
    if (is_integer(strpos($result[$i],"="))) {
    $s=$result[$i];
    $s=str_replace("&","'&",$s);
    $s = $s."'";
    $rx=file_get_contents($s);
    if (is_integer(strpos($rx,"SQL syntax"))){
    flush();
    echo "<span class=\"red\">$s</span><br>";}
    }}
    
    if(count($ex)==0)
    array_push($ex,"<center><b>Not found</b></center>");
    
    return $ex;
    } else return "<center><b>Not found</b></center>";
    }
    ?>
    
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <title>SQL Inj Tester - Coded by ArxWolf, Powered by WebXakep.net - Russian</title>
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
    <meta name="author" content="ArxWolf">
    <style>
    .red:link	{ color: red; font-weight: bold; text-decoration: none;}
    .red:visited	{ color: red; font-weight: bold; text-decoration: none;}
    .red:hover	{ color: red; font-weight: bold; text-decoration: underline;}
    .red:active	{ color: red; font-weight: bold; text-decoration: none;}
    body {
    background-color: #1B1B1B;
    font: normal 10px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif;
    color: #83AACB;
    font-weight: bold;
    }
    input,textarea,select
    {font: normal 11px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif;
    color: #B4B4B4;
    background-color: #333333;
    border-color: #424242;
    border-left: 1px solid #0A0A0A;
    border-top: 1px solid #0A0A0A;
    border-right: 1px solid #2C2C2C;
    border-bottom: 1px solid #2C2C2C;}
    input:hover, textarea:hover, select:hover  {
    border-color: #B6FF48;
    color: #B6FF48;}
    input:focus, textarea:focus, select:hover {
    border-color: #B6FF48;
    color: #ffffff;}
    .td {
    	border: 1px solid #666666;
    }
    </style>
    </head>
    <body>
    <form method="post">
    <table width="200"  border="0" align="center" class="td">
      <tr>
        <td nowrap>Host [Scanning a maximum of 1000 pages]:</td>
        <td><input type="text" name="tt" size="30"></td>
      </tr>
      <tr>
        <td colspan="2"><div align="right">
          <input type="submit" name="sbm" value="Run">
        </div></td>
      </tr>
    </table>
    </form>
    
    <?php
    if (isset($_POST['sbm'])){
    $txt=$_POST['tt'];
    if ($txt=="") die("<center><b>Empty</b></center>");
    $res=google($txt);
    
    }
    ?>
    
    </body>
    </html>
    
     
  10. ~!DoK_tOR!~

    ~!DoK_tOR!~ Banned

    Joined:
    10 Nov 2006
    Messages:
    673
    Likes Received:
    357
    Reputations:
    44
    ISR-sqlget v.1.0.0

    Description: ISR-sqlget: It's a blind SQL injection tool developed in Perl.
    It lets you get databases schemas and tables rows.
    Using a single GET/POST you can access quietly the database structure and using a single GET/POST you can dump every table row to a csv-like file.

    DATABASES SUPPORTED:

    Code:
    - IBM DB2
    - Mcft SQL SERVER
    - ORACLE
    - POSTGRES
    - MYSQL
    - IBM INFORMIX
    - SYBASE
    - HSQLDB
    - MIMER
    - PERVASIVE
    - VIRTUOSO
    - SQLITE
    - INTERBASE/YAFFIL/FIREBIRD
    - H2 
    - MCKOI
    - INGRES
    - MONETDB 
    - MAXDB 
    - THINKSQL 
    - SQLBASE
    Если не будет работать ошибка будет примерно такого вида:

    Code:
    Can't locate Convert/EastAsianWidth.pm in @INC (@INC contains: ./libs/ D:/Perl/site/lib D:/Perl/lib .) at connection.pm line 6
    BEGIN failed--compilation aborted at connection.pm line 6.
    Compilation failed in require at ISR-sqlget.pl line 30.
    BEGIN failed--compilation aborted at ISR-sqlget.pl line 30.
    скачиваем http://search.cpan.org/src/AUTRIJUS/Unicode-EastAsianWidth-1.02/lib/Unicode/EastAsianWidth.pm и вставляем его в папку D:\Perl\lib\Convert если папки Convert нет то создаём )

    Download: _http://www.infobyte.com.ar/down/ISR-sqlget-1.0.0.tar.gz
     
    #10 ~!DoK_tOR!~, 20 Sep 2008
    Last edited: 20 Sep 2008
    1 person likes this.
  11. [Raz0r]

    [Raz0r] Elder - Старейшина

    Joined:
    25 Feb 2007
    Messages:
    425
    Likes Received:
    484
    Reputations:
    295
    SQL Playground 3

    SQL Playground 3
    http://real.o-n.fr/

    Описание: SQL Playground - CLI-утилита, написанная на PHP, целью которой является обеспечение удобной среды при реализации SQL-инъекций в MySQL.

    Набор функций стандартный для подобного рода утилит, но интерфейс для работы со SQL-иъекциями довольно оригинальный.

    Пример работы:
    Подробный мануал
    Скачать
     
  12. g4lyfe

    g4lyfe New Member

    Joined:
    20 Sep 2010
    Messages:
    18
    Likes Received:
    3
    Reputations:
    1
    [​IMG]



    The Mole – Automatic SQL Injection SQLi


    automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it

    hXXp://
    sourceforge.net/projects/themole/files/ themole-0.2.6/themole-0.2.6-win32.zip/download

    OR


    hXXp://
    sourceforge.net/projects/themole/files/ themole-0.2.6/themole-0.2.6-lin-src.tar.gz/download
     
  13. g4lyfe

    g4lyfe New Member

    Joined:
    20 Sep 2010
    Messages:
    18
    Likes Received:
    3
    Reputations:
    1
    enema SQLi and Web Attack Framework

    [​IMG]



    Enema is not auto-hacking software for script kiddies. This is dynamic tool for professional pentesters.

    Features:
    Multi-platform.
    User-friendly graphical interface.
    Multithreaded.
    Dump.
    Customise your queries
    Create your custom plugins to automate attacks


    http://code.google.com/p/enema/downloads/list
     
    2 people like this.
  14. eksin

    eksin Elder - Старейшина

    Joined:
    26 Sep 2011
    Messages:
    64
    Likes Received:
    30
    Reputations:
    39
    http://enema.googlecode.com/files/enema_fw-1.71-install.exe
     
Loading...